I now have a flat L2 network which I plan to divide up by assigning VLAN 2 to finance, VLAN3 to HR, VLAN4 to Engineering... however, they all need to access a few servers (eg email) that should be accessible to all the VLANs - thus the server port would have VLAN2,3,4 configured.
Note that no L3 devices is required because the IP addressing remains in one subnet (eg. 10.10.10.x) for the whole company. This is to control broadcast domains, and improve security. My aim is improve security with the least disruption. Putting in a L3 device (such as a router-on-a-stick or L3 switch) would require to change IP addressing - which would probably be a major task by itself - looking at the number of clients to be changed.
Is this approach workable and recommended? What are your comments / suggestions / advise.. Thanks!!!